Vendor: Formail-clone
By: SecurityFocus
CVSS: 6.4 (MEDIUM)
Bypassing cPanel Formail-clone Local Domain Checks
CWE: 264
Product Name: Formail-clone
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002

Bypassing cPanel Formail-clone Local Domain Checks

It has been reported that cPanel is prone to an issue where a remote attacker may bypass cPanel Formail-clone local domain checks and have untrusted e-mail delivered in the context of the vulnerable host. This issue may be exploited by an attacker to use the vulnerable host as an open relay.

Mitigation:

Ensure that the cPanel Formail-clone local domain checks are properly configured and enforced.

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/7758/info

It has been reported that cPanel is prone to an issue where a remote attacker may bypass cPanel Formail-clone local domain checks and have untrusted e-mail delivered in the context of the vulnerable host.

This issue may be exploited by an attacker to use the vulnerable host as an open relay. 

<input type="hidden" name="recipient" value="user1@offsitedomain.(localdomain)com, user2@offsitedomain.(localdomain)com">